`sssd_bind_password` is now used and can be directly set on a remote host.

CHANGELOG.md

@@ -1,4 +1,9 @@
 
+## v1.1.3
+
+### Enhancement
+* `sssd_bind_password` is now used and can be directly set on a remote host.
+
 ## v1.1.2
 
 ### Fix

README.md

@@ -53,7 +53,7 @@ sssd_search_base: 'ou=People,dc=domain,dc=tld
 sssd_bind_dn: 'cn=sssd_user,ou=apps,dc=domain,dc=tld'
 ```
 
-  * Then you also need to enter the `bind_dn_password` on the remote host (`/etc/sssd/conf.d/sssd_domain.conf`|`/etc/sssd/conf.d/dotld.conf`).
+  * Then you also need to enter the `bind_dn_password` on the remote host (`/etc/sssd/conf.d/sssd_domain.conf`|`/etc/sssd/conf.d/dotld.conf`). If you want to define `bind_dn_password` in a playbook, please be sure to use [Vault][ansible vault] (or any other tool) to cipher your data !
 
 ## Configuration
 
@@ -84,6 +84,7 @@ Jérémy Gardais
 * [IPR][ipr website] (Institut de Physique de Rennes)
 
 [vars directory]: ./vars
+[ansible vault]: http://docs.ansible.com/ansible/latest/vault.html
 [gogs to github hook]: https://stackoverflow.com/a/21998477
 [sssd source]: https://git.ipr.univ-rennes1.fr/cellinfo/ansible.sssd
 [sssd github]: https://github.com/ipr-cnrs/sssd

tasks/main.yml

@@ -53,6 +53,7 @@
     content: |
       [domain/{{ sssd_domain }}]
       #ldap_default_authtok = password for {{ sssd_bind_dn }} after END BLOCK
+      {% if sssd_bind_password %} ldap_default_authtok = {{ sssd_bind_password }}{% endif %}
   when: sssd_conf_manage
   notify:
     - restart sssd